USING Wireguard to SPAN One Subnet
Assumptions -
One DHCP Server,
Subnet Uses Main Office For Internet.
SOLUTION METHOD ONE: EOIP OVER WIREGUARD
a. create wireguard connectivity as per normal and then
b. create the EoIP tunnel within the WG tunnel ( EoIP never concerns itself with the local WAN IPs at either end )
Note: Here we are considering one MAIN office R1 and one Satellite office R2.
a. Set up the WG
/MT Device One info
/interface wireguard
add listen-port=15551 mtu=1420 name=wireguard-home
/interface wireguard peers
add allowed-address=192.168.50.2/32 interface=wireguard-home public-key="---" comment=Router2
add allowed-address=192.168.50.3/32 interface=wireguard-home public-key="---" comment=remoteAdmin
/ip address
add address=192.168.50.1/24 interface=wireguard-home
/MT Device Two
/interface wireguard
add listen-port=10771 mtu=1420 name=wireguard-client
/interface wireguard peers
add allowed-address=192.168.50.0/24 endpoint-address=mynetnameMTDEVICEONE endpoint-port=15551 \
interface=wireguard-client public-key="..." persistent-keepalive=35s
/ip address
add address=192.168.50.2/24 interface=wireguard-client
b. Set up the EoIP tunnel over WireGuard.
Router ONE
/interface eoip
add name=eoip-to-TWO remote-address=192.168.50.2 local-address=192.168.50.1 tunnel-id=321
Router TWO
/interface eoip
add name=eoip-to-ONE remote-address=192.168.50.1 local-address=192.168.50.2 tunnel-id=321
Now let's provide context for the configuration and identify the key components.
VLAN 20 is the common VLAN on both routers with subnet 192.168.88.0/24
R1 Address 192.168.168.1/24 interface=vlan20 network=192.168.168.0 { Main office }
R2 Address 192.168.168.2/24 interface=vlan20 network=192.168.168.0 { Satellite office }
R1 - Provides full DHCP service for both main and satellite.
R1 - Provides internet for both main and satellite.
R1 - ether4-MainR1 { port on router }
R2 - ether3-SatelliteR2 { port on router }
Router One
/interface bridge port
add bridge=bridge interface=ether4-MainR1 pvid=20
add bridge=bridge interface=eoip-to-TWO pvid=20
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=eoip-to-TWO,ether4-MainR1 vlan-ids=20
Router Two
/interface bridge port
add bridge=bridge interface=ether3-SatelliteR2 pvid=20
add bridge=bridge interface=eoip-to-ONE pvid=20
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=eoip-to-ONE,ether3-SatelliteR2 vlan-ids=20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SOLUTION METHOD TWO: VXLAN OVER WIREGUARD
a. create wireguard connectivity as per normal and then
b. create the VXLAN tunnel within the WG tunnel ( VXLAN never concerns itself with the local WAN IPs at either end )
Note: Here we are considering one MAIN office R1 and one Satellite office R2.
a. Set up the WG tunnel
/MT Device One info
/interface wireguard
add listen-port=15551 mtu=1550 name=wireguard-home
/interface wireguard peers
add allowed-address=192.168.50.2/32 interface=wireguard-home public-key="---" comment=Router2
add allowed-address=192.168.50.3/32 interface=wireguard-home public-key="---" comment=remoteAdmin
/ip address
add address=192.168.50.1/24 interface=wireguard-home
/MT Device Two
/interface wireguard
add listen-port=10771 mtu=1550 name=wireguard-client
/interface wireguard peers
add allowed-address=192.168.50.0/24 endpoint-address=mynetnameMTDEVICEONE endpoint-port=15551 \
interface=wireguard-client public-key="..." persistent-keepalive=35s
/ip address
add address=192.168.50.2/24 interface=wireguard-client
Now let's provide context for the configuration and identify the key components.
VLAN 20 is the common VLAN on both routers with subnet 192.168.88.0/24
R1 Address 192.168.168.1/24 interface=vlan20 network=192.168.168.0 { Main office }
R2 Address 192.168.168.2/24 interface=vlan20 network=192.168.168.0 { Satellite office }
R1 - Provides full DHCP service for both main and satellite.
R1 - Provides internet for both main and satellite.
R1 - ether4-MainR1 { port on router }
R2 - ether5-SatelliteR2 { port on router }
VXLAN Settings
Step1: Assign the VXLAN interface name.
R1: Interface name=MO { Main Office }
R2: Interface name=SOL1 { Satellite Office Location 1 }
Step2: Allocate VTEP to the underlying structure
R1: VTEP --> interface=MO remoteIP=192.168.50.2 { the WireGuard address of R2 is 192.168.50.2 }
R2: VTEP --> interface=SOL1 remoteIP=192.168.50.1 { the WireGuard address of R1 is 192.168.50.1 }
Step3: Assign the VXLAN parameters as required. The first iteration of this solution will be to span the same subnet.
R1 (interface MO) --> vni=1001 port=9472
R2 (interface SOL1) --> vni=1001 port=9472
Step4: Add both vxlan interfaces to the single bridge on each router and connect/associate to the applicable VLAN interface.
R1
/interface bridge port
add bridge=bridge interface=ether4-MainR1 pvid=20
add bridge=bridge interface=MO pvid=20
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=MO,ether4-MainR1 vlan-ids=20
R2
/interface bridge port
add bridge=bridge interface=ether5-SatelliteR2 pvid=20
add bridge=bridge interface=SOL1 pvid=20
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=SOL1,ether5-SatelliteR2 vlan-ids=20
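Steps 1 to 3 written out as RouterOS commands, together with an input-chain filter that accepts the VXLAN port only from the peer's WireGuard address, since VXLAN itself carries no authentication. This is an added example, not part of the original post. It assumes RouterOS 7 (the /interface vxlan and /interface vxlan vteps menus); the firewall rules and their comments are assumptions, not taken from the post.

```routeros
# Added example. Interface names, VNI, port and addresses are the ones from Steps 1-3.

# ---- R1 (Main office) ----
/interface vxlan
add name=MO vni=1001 port=9472
/interface vxlan vteps
# The VTEP port is set explicitly so it matches the non-default port on the peer.
add interface=MO remote-ip=192.168.50.2 port=9472

# Assumption: VXLAN is accepted only when it arrives through WireGuard from R2.
# Rule order matters: keep the accept above the drop and above any general drop rule.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=9472 \
    in-interface=wireguard-home src-address=192.168.50.2 \
    comment="VXLAN from R2 inside WireGuard"
add chain=input action=drop protocol=udp dst-port=9472 \
    comment="VXLAN arriving outside the tunnel"

# ---- R2 (Satellite office) ----
/interface vxlan
add name=SOL1 vni=1001 port=9472
/interface vxlan vteps
add interface=SOL1 remote-ip=192.168.50.1 port=9472

/ip firewall filter
add chain=input action=accept protocol=udp dst-port=9472 \
    in-interface=wireguard-client src-address=192.168.50.1 \
    comment="VXLAN from R1 inside WireGuard"
add chain=input action=drop protocol=udp dst-port=9472 \
    comment="VXLAN arriving outside the tunnel"
```

Once both sides are configured, /interface vxlan print and /interface vxlan vteps print show whether the interface and its VTEP entry exist with the expected VNI and port.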